diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 9bc05cc..5f9cc7c 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -1,6 +1,6 @@ version: "3.7" -# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars. +# This includes only the shared persistence for BBMRI-ERIC and GBN and EHDS2. Federation components are included as modules, see vars. services: blaze: @@ -20,6 +20,8 @@ services: - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth" - "traefik.http.routers.blaze_ccp.tls=true" + ports: + - "8081:8080" volumes: blaze-data: diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml new file mode 100644 index 0000000..a0c2eb5 --- /dev/null +++ b/bbmri/modules/ehds2-compose.yml 
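Review bot: The added `ports:` entry `"8081:8080"` publishes Blaze on every host interface, which sidesteps the Traefik router configured in the labels just above it (`middlewares=ccp_b_strip,auth`, `tls=true`). Anyone who can reach the host on port 8081 would talk to the FHIR store over plain HTTP without that auth middleware. If the mapping is only needed for local tooling, bind it to loopback with `- "127.0.0.1:8081:8080"`, or drop it, since the other containers already reach `http://blaze:8080` on the compose network. The service definition these lines appear to belong to starts outside the hunk, so any network restrictions declared there are not visible here.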
@@ -0,0 +1,60 @@
+version: "3.7"
+
+services:
+ focus-ehds2:
+ #image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ image: samply/focus
+ container_name: bridgehead-focus-ehds2
+ environment:
+ API_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${EHDS2_PROXY_ID}
+ PROXY_ID: ${EHDS2_PROXY_ID}
+ BLAZE_URL: "http://blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy-ehds2:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ depends_on:
+ - "beam-proxy-ehds2"
+ - "blaze"
+
+ beam-proxy-ehds2:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-beam-proxy-ehds2
+ environment:
+ BROKER_URL: ${EHDS2_BROKER_URL}
+ PROXY_ID: ${EHDS2_PROXY_ID}
+ APP_focus_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/bbmri/modules/${EHDS2_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
+
+ # Convert ECDC CSV file into FHIR and push to Blaze
+ transfair:
+ container_name: transfair
+ image: samply/transfair
+ environment:
+ FHIR_INPUT_URL: "http://source_blaze:8080/fhir"
+ FHIR_OUTPUT_URL: "http://bridgehead-bbmri-blaze:8080/fhir"
+ PROFILE: "amr2fhir"
+ #WRITE_BUNDLES_TO_FILE: "true"
+ AMR_FILE_PATH: "/app/data"
+ restart: on-failure
+ command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null"
+ #command: sh -c "rm -rf /app/test/* && java -jar transFAIR.jar"
+ volumes:
+ - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/
+ - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/
+
+ # Report on the data pushed to Blaze by TransFAIR
+ blazectl:
+ container_name: blazectl
+ image: samply/blazectl
+ command: sh -c "sleep 300 && echo Source store && blazectl --server http://bridgehead-bbmri-blaze:8080/fhir count-resources && tail -f /dev/null"
+
diff --git a/bbmri/modules/ehds2-setup.sh b/bbmri/modules/ehds2-setup.sh
new file mode 100644
index 0000000..7e0e453
--- /dev/null
+++ b/bbmri/modules/ehds2-setup.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "${ENABLE_EHDS2}" == "true" ]; then
+ log INFO "EHDS2 setup detected -- will start services for German Biobank Node."
+ OVERRIDE+=" -f ./$PROJECT/modules/ehds2-compose.yml"
+
+ # The environment needs to be defined in /etc/bridgehead
+ case "$ENVIRONMENT" in
+ "production")
+ export EHDS2_BROKER_ID=broker.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2
+ ;;
+ "test")
+ export EHDS2_BROKER_ID=broker.test.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2.test
+ ;;
+ *)
+ report_error 6 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
+ export EHDS2_BROKER_ID=broker.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2
+ ;;
+ esac
+
+ EHDS2_BROKER_URL=https://${EHDS2_BROKER_ID}
+ EHDS2_PROXY_ID=${SITE_ID}.${EHDS2_BROKER_ID}
+ EHDS2_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+ EHDS2_SUPPORT_EMAIL=feedback@germanbiobanknode.de
+fi
diff --git a/bbmri/modules/ehds2.root.crt.pem b/bbmri/modules/ehds2.root.crt.pem
new file mode 100644
index 0000000..eae0d4d
--- /dev/null
+++ b/bbmri/modules/ehds2.root.crt.pem
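Review bot: Three of the four images in ehds2-compose.yml are pulled without a tag (`samply/focus`, `samply/transfair`, `samply/blazectl`) and the fourth uses the moving `develop` tag, so the code running next to the `proxy.pem` private key and the Blaze store can change on any pull without a change in this repository. Restore the commented-out form `image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}` and give the other services a fixed release tag or an `@sha256:<digest>` reference. Separately, the transfair service bind-mounts `/home/gerhard/Projects/EHDS2/PrototypeSpring2024/...` and runs `rm -rf /app/test/*` against that mount, which ties the module to one developer's machine and deletes host files on every start. A named volume or a path taken from a variable would be safer. `FHIR_INPUT_URL` also points at `source_blaze`, which no service in this file defines.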
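Review bot: In ehds2-setup.sh the `*)` branch falls back to the production broker and the `ehds2` root certificate when `$ENVIRONMENT` is unrecognised. A typo in the /etc/bridgehead configuration would then connect the site to production with the production trust anchor, unless `report_error` aborts (its definition is not in this hunk). Failing closed would be safer: leave `EHDS2_BROKER_ID` and `EHDS2_ROOT_CERT` unset in the default branch and append `-f ./$PROJECT/modules/ehds2-compose.yml` to `OVERRIDE` only after the `case` has matched a known environment. The log line also still names the German Biobank Node; `log INFO "EHDS2 setup detected -- will start services for EHDS2."` would match the module.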
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUMy/n0zFRihhVR3aAD54LumzeYdwwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIxMDI1MDczNTA4WhcNMzIx +MDIyMDczNTM3WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL3qWliHIlIT1Qlsyq/NKJ1uj6/AF0STNg5NTNpb +Xqe5rmUqs6jmQepputGStBVe5TthFw56whISv9FqD5s1PZUGyFikW1pJUnF7ZYRf +MfrJHRi1vUnD3Gw36FCot+i6BAxfw/rdp9hoqFZ6erRkULLaYZ5S2cDHN0DWc18V +3VgZ66ah8QXSx7ERRNa/eWRkHrPIYhyVSoKuyZfvbVgsYZADSlviCgIHPrGLerLr +ylNUyuTxJ5RKStOwPn7A+Jp7nRT+MRh9BphA7s6NuK9h+eVe1DiLbIETWyCEfN3Y +INpunatn3QDhqOIfNcuBArjsAj7mg8l5KNba8nUP4v0EJYECAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMvc5Fizz1vO +MEG3MIsy7UY69ZNIMB8GA1UdIwQYMBaAFMvc5Fizz1vOMEG3MIsy7UY69ZNIMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBb8a5su820 +h8JStJC+KpvXmDrGkwx9bHlEZMgQQejIrwPLEbA32KBvNxdoUxF9q1Y773MKdqbc +cCJwzQXE/NPZ13hCGrEIXs8DgH52GhEB5592k5/bRNcAvUwbZSXPPiT0rgq/eUOt +BYhgN0ov7h1MC5L6CYB/rQwqck7JPlmrXTkh2gix4/dEdBRzsHsn/xlo8ay5QYHG +rx2Adit76eZu/MJoJNzl1r8MPxLqyAie3KcIU54A+UMozLrWEQP/TyOyWZdjUjJt +cBYgkKJTjwdRhc+ehI3kFo7b/a/Z/jl9szKsAPHozMixSi8lGnsYwN80oqeRvT7h +wcMUK+igv3/K +-----END CERTIFICATE----- diff --git a/bbmri/modules/ehds2.test.root.crt.pem b/bbmri/modules/ehds2.test.root.crt.pem new file mode 100644 index 0000000..2c4f9f1 --- /dev/null +++ b/bbmri/modules/ehds2.test.root.crt.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUJ0g7k2vrdAwNTU38S1/mU8NO26MwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNzEwMTIyMzQxWhcNMzMw +NzA3MTIyNDExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALMvc/fApbsAl+/NXDszNgffNR5llAb9CfxzdnRn +ryoBqZdPevBYZZfKBARRKjFbXRDdPWbE7erDeo1LiCM6PObXCuT9wmGWJtvfkmqW +3Z/a75e4r360kceMEGVn4kWpi9dz8s7+oXVZURjW2r13h6pq6xQNZDNlXmpR8wHG +58TSrQC4n1vzdSwMWdptgOA8Sw8adR7ZJI1yNZpmynB2QolKKNESI7FcSKC/+b+H +LoPkseAwQG9yJo23qEw1GZS67B47iKIqX2wp9VLQobHw7ncrhKXQLSWq973k/Swp +7lBdfOsTouf72flLiF1HbdOLcFDmWgIbf5scj2HaQe8b/UcCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHYxBJiJZieW +e6G1vwn6Q36/crgNMB8GA1UdIwQYMBaAFHYxBJiJZieWe6G1vwn6Q36/crgNMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCN6WVNYpWJ +6Z1Ee+otLZYMXhjyR6NUQ5s0aHiug97gB8mTiNlgXiiTgipCbofEmENgh1inYrPC +WfdXxqOaekSXCQW6nSO1KtBzEYtkN5LrN1cjKqt51P2DbkllinK37wwCS2Kfup1+ +yjhTRxrehSIfsMVK6bTUeSoc8etkgwErZpORhlpqZKWhmOwcMpgsYJJOLhUetqc1 +UNe/254bc0vqHEPT6VI/86c7qAmk1xR0RUfrnKAEqZtUeuoj2fe1L/6yOB16fxt5 +3V3oim7EO6eZCTjDo9fU5DaFiqSMe7WVdr03Na0cWet60XKRH/xaiC6gMWdHWcbh +vZdXnV1qjlM2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/bbmri/vars b/bbmri/vars index d1362fb..cd32b07 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -4,6 +4,9 @@ # Makes only sense for German Biobanks : ${ENABLE_GBN:=false} +# Makes only sense for EHDS2 project +: ${ENABLE_EHDS2:=false} + FOCUS_RETRY_COUNT=32 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem @@ -20,6 +23,10 @@ if [ -n "$GBN_SUPPORT_EMAIL" ]; then SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL fi +if [ -n "$EHDS2_SUPPORT_EMAIL" ]; then + SUPPORT_EMAIL=$EHDS2_SUPPORT_EMAIL +fi + function do_enroll { COUNT=0 if [ "$ENABLE_ERIC" == "true" ]; then 
@@ -30,6 +37,10 @@ function do_enroll { do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL COUNT=$((COUNT+1)) fi + if [ "$ENABLE_EHDS2" == "true" ]; then + do_enroll_inner $EHDS2_PROXY_ID $EHDS2_SUPPORT_EMAIL + COUNT=$((COUNT+1)) + fi if [ $COUNT -ge 2 ]; then echo echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address."
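Review bot: The added call `do_enroll_inner $EHDS2_PROXY_ID $EHDS2_SUPPORT_EMAIL` passes both values unquoted, so any whitespace or glob character in the site-derived proxy ID or the address is word-split before `do_enroll_inner` sees it. Prefer `do_enroll_inner "$EHDS2_PROXY_ID" "$EHDS2_SUPPORT_EMAIL"`; the GBN call in the context line above has the same form and could be quoted at the same time. `do_enroll` starts before this hunk and continues past it.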